1. Field of Invention
This invention relates in general to methods for maintaining electronic caalendars for end users in a multi-terminal data processing system and in particular to a method of controlling the unauthorized disclosure of classified data that is used to describe an event that has been calendared.
2. Description of the Related Art
The prior art has disclosed a number and variety of interactive electronic calendaring systems and methods. The objective of all of these systems is primarily to assist the person who, for a number of different reasons, maintains a calendar of future events containing various information about the event at entry points on the calendar which relate to the time of the event.
The increase of personal computers and intelligent workstations in recent years has made it possible for calendar owners to establish and maintain their calendars on these interactive type data processing systems.
Two general types of interactive electronic calendaring systems have thus evolved in the art. In one type of calendaring system, the owner of the calendar is generally also the user of the workstation and that workstation is generally not a part of a larger network. Generally, in these types of systems, the calendar functions involve presenting a screen to the user representing a day calendar divided into a number of time periods or time slots. Each period is capable of displaying a limited amount of text that the user enters. In some systems, the day calendar can scroll vertically to present more time periods to the uer or horizontally to present longer text entries. The operator can generally "page" forward or backward and, in most arrangements, can display a requested date. These calendaring arrangements generally do not limit the type of event that is calendared nor the terminology employed at any of the entry points and, to that extent, function in the same manner as conventional manual calendars or appointment books. The electronic calendaring methods and systems do hve an advantage over the prior art manual calendaring of events in that the user generally has the ability to scan a time span involving a large number of days and identify calendared events quite rapidly.
The other type of calendaring arrangement that has developed in the prior art involves multi-user environments having a large number of terminals or workstations which are generally part of a larger communication network that has been established to permit the users to interact with each other and with data maintained on the data processing system. In this environment, a user at a terminal or workstation can send a message to one or more of the other users on the network and is notified when the addressees has received and read the message.
In most of these environments, each user generally maintains a separate calendar, and in many of these environments the reason for the interaction with each other quite often generally involves reference to respective calendars. A considerable amount of time is therefore spent in many organizations, with people checking and rearranging their calendars to accommodate various events such as meetings, presentations, etc. In this environment, the calendar systems and methods have progressed to the point where a person who is called a meeting can, at least, review the calendars of other users on the system that he intends to invite to a meeting to determine whether a given time period is available on the respective calendars of the perspective attendees. The cross-referenced applications describe various improvements to electronic calendaring methods for increasing productivity and making the overall system more appealing to the calendar owner by providing functions that the calendar owner came to expect and rely on when his calendar was being kept manually.
A problem that still persists in multi-user systems involves the security of the information that calendar users enter into their calendars and which is generally available for viewing by other users of the system. In some prior art systems the data security problem is inherently minimized since the amount of space available to describe the event that is calendared is very limited and often results in very cryptic descriptions. However in calendaring systems as described in cross-referenced application Ser. No. (DA987027), the amount of space allowed to describe an event in theory is unlimited. In this type of system the space allocated for an event description is independent of the time period of the event. There is therefor a tendency to have detailed descriptions, which are accompanied by relevant comments, annotations, reminders and messages to other persons, which are sometimes sensitive from either a personal, personnel or information security standpoint.
In some systems, the problem is addressed by limiting access to each user's calendar to selected individuals. In certain situations, this solution may be justified, but it is very impractical as a general solution to the problem because in many systems access permission is not selective as to the type of calendar data. The administration of the access permission process therefore becomes very unwieldily. As a result, two situations generally develop depending on the user's perception of security needs. One set of users who have no concern for document security directives will enter classified data into their calendar entries and hope that the formation will not be compromised when another user on the system is viewing the calendar to determine the first user's available free time. Another set of users will just avoid making an entry if the information is sensitive and will have a manual backup calendar system for such entries. Calendar entries of a personal nature also follow a similar scenario. The overall integrity of the system is therefore lessened and users become reluctant to participate.
The prior art does disclose calendaring systems in which calendared events are assigned security classifications at the time they are calendared. By assigning each calendar user on the system access to classified event descriptions at or below below his or her assigned security level, the system can now control access at a much finer granularity. Event descriptions which have been classified above the security level of the viewer of a day calendar are censored on the presentation screen and printout. This results in better security for entries which are personal to the calendar owner and entries which are sensitive from the security standpoint. Users are therefore less reluctant to make full use of the electronic calendar system.
However two data security problems still remain in these types of systems. The first problem arises from the fact that most all security systems require a document to have a security label which designates the security classification of the information contained in the document. When a user requests a copy of his calendar to be displayed or printed out, there is no security label automatically attached or associated with the copy. The user must remember to add one manually, which task is easily over looked if the copy is printed, and generally not permitted if the copy is merely displayed. The calendaring system is then viewed as a potential source of exposure of sensitive data.
The other problem that still exists in calendaring systems which only allow users access to classified data that corresponds to their access permission levels, is that since the user is never prevented from viewing or printing all his own calendar entries regardless of their security classifications, no provision is made to allow the calendar owner to display or print his own calendar with entries above a designated security level deleted or censored.
The present invention is directed to a method to overcome the above described problems.